Connect with us

Windows

Windows 10 PCs are a go as manufacturers and Insiders get final build

blank

Published

on

windows-10-pcs-available-buy-windows-10-upgrade

Windows 10 is coming to a computer near you on July 29, for free if you have Windows 7 or Windows 8 already. But what about PCs with Windows 10? After some delays in releasing the finalized version of Windows 10, Microsoft insiders today confirmed to The Verge reporters that the final Windows 10 build is ready to be sent off to device manufacturers. Although there’s no word about Windows 10 for phones being sent out to manufacturers, being this close to getting our hands on Windows 10  PCs is exciting. That’s because Microsoft’s operating system has been in the unpopular gang for a while now. But Windows 10 has been and is being marketed well and consumers are catching on.

Windows 10 PCs are still a bit of a way off, but it’s refreshing to hear that on July 29, the Windows 10 launch day, there will be PCs running the fresh new OS available. Dell CEO has confirmed that the company would have PCs ready on the 29th, and with the confirmed release of Windows 10 build 10240, the finalized version, more device manufacturers might join the welcoming party. There are many forum and discussion panel members out there hyped up about the prospect of Windows 10 on powerful PCs, and those who are in line for an upgrade are very supportive of Windows 10.

Excitement about the new OS comes from great marketing and a lot of work on the part of Microsoft. Windows 10 will strive to be an upgraded version of Windows 7, with its own little ecosystem in place. This ecosystem involves the Edge browser (formerly known as the Microsoft Spartan browser), Cortana (quite heavily, especially when used with Edge), Windows 10 for phones, HoloLens, Azure, Continuum and a lot of integration. People are liking the concept and Microsoft is confident that an integrated digital experience choreographed by Windows 10 can be what the tech community was missing.

But there’s more to Windows 10 than just its confirmed presence on PCs. Even though we’re looking forward to see what HP, Toshiba, Dell and Lenovo prepared, CEO Satya Nadella is confident that Windows Phone will be as successful as Windows 10 thanks to the integration and the ecosystem that Microsoft is working on. In the insightful interview of Mary Jo Foley, Nadella was quite eloquent about what ecosystem means for Microsoft and why it represents the next step in technology.

Nonetheless, the hype of the moment consists of Windows 10 PCs, and they’re well on their way. Even though Microsoft warned that most of the first Windows PCs will only become available in mid-August. Which shouldn’t be a problem for PC fans, because picking and choosing between PCs is more of a pleasure than a pain. I for one, am waiting to see what mainstream as well as slightly unknown companies have planned for Windows 10, before choosing my upgrade. But those who want to get on the wagon early will still have options to choose from.

HP has already spoken out about their business line-up of devices coming alongside Windows 10, and that includes the Elite as well as the Zbook line-up. Specifics about each device have not been disclosed at the moment, but HP representatives did talk about the Sure Start boot protection that will get an upgrade with Windows 10. Sure Start will have a backup copy of your BIOS system that it can use in case something goes wrong, and that’s unique to HP.

But HP is not the only one preparing innovation for the Windows 10 release. Dell will have Inspiron desktops with Windows 10 ready on July 29, as well as 2 in 1 PCs like the Dell Inspiron 11-3147, the XPS 8700 desktop and more. Dell is ready to receive preorders and has decided to offer one-day shipping so that customers can get a brand new device with Windows 10 on board by July 30, which is interesting for those who have the early-adopter fever, too. Lenovo and Acer will also have new devices ready, but details about the desktops and notebooks themselves have not been disclosed.

At least we know that so far, the preparations for the Windows 10 launch are going great and we’re definitely looking forward to the year. Insiders will be the happiest of them all though, since Microsoft is hosting events all across the world for them. These events will follow the company’s “Upgrade Your World” tagline for the Windows 10 launch and will offer participants exclusive access to hardware, devices and activities surrounding the new operating system. These insiders are our way in to find out more about Windows 10 for phones, the Lumia 940 and the Lumia 1030, too. Insiders have already received access to the Windows 10 10240 build, and they’re going to love the new Edge browser.  Exciting times call for exciting measures!

Since everything is going smoothly for Microsoft right now, and people seem to be genuinely interested in the free Windows 10 upgrade, this campaign could already be called successful. But we will find out how Windows 10 will be received by users soon enough and that’s what will mark the chaging point for Microsoft this year. If the OS pleases enough people, the ecosystem is a go and can be further developed.

As part of the editorial team here at Geekreply, John spends a lot of his time making sure each article is up to snuff. That said, he also occasionally pens articles on the latest in Geek culture. From Gaming to Science, expect the latest news fast from John and team.

Software

Microsoft employees inadvertently disclosed confidential credentials in a security breach

blank

Published

on

blank

Microsoft has successfully addressed a security breach that made internal business information and credentials accessible to the public internet.

Researchers Can Yoleri, Murat Özfidan, and Egemen Koçhisarlı from SOCRadar, a cybersecurity firm specializing in identifying security vulnerabilities, have uncovered an accessible and publicly available storage server on Microsoft’s Azure cloud service. This server was found to contain confidential internal data pertaining to Microsoft’s Bing search engine.

The Azure storage server had code, scripts, and configuration files that stored passwords, keys, and credentials used by Microsoft workers to access internal databases and systems.

However, the storage server lacked password protection, rendering it accessible to everyone on the internet.

According to Yoleri’s statement to , the data that was leaked has the potential to assist unscrupulous individuals in identifying or gaining access to other locations where Microsoft keeps its confidential information. According to Yoleri, if the storage sites are identified, it might lead to more serious data leaks and potentially endanger the services being used.

The researchers reported the security breach to Microsoft on February 6, and Microsoft took measures to protect the leaked files on March 5.

The duration of the cloud server’s exposure to the internet is unknown, as is whether anyone other than SOCRadar found the exposed data. Upon receiving an email, a representative from Microsoft declined to make a comment at the time of publishing. Microsoft did not provide information regarding whether it has reset or altered any of the compromised internal credentials.

This incident represents the most recent security lapse at Microsoft as the corporation endeavors to regain the confidence of its customers following a sequence of cloud security breaches in recent times. Last year, researchers discovered a security breach where Microsoft employees were inadvertently revealing their own corporate network login credentials in code that was made public on GitHub.

Last year, Microsoft faced criticism when it acknowledged its lack of knowledge of the methods used by China-backed hackers to get an internal email signature key. This key granted the hackers extensive access to the Microsoft-hosted inboxes of high-ranking U.S. government officials. An independent panel of cyber experts tasked with looking into the email breach came to the conclusion last week that a number of security flaws at Microsoft allowed the hackers to succeed.

Microsoft declared in March that it was actively defending against a persistent cyberattack by Russian state-sponsored hackers. These hackers managed to pilfer sections of Microsoft’s source code and internal communications belonging to the company’s executives.

Continue Reading

Android

Telegram launches a global self-custodial crypto wallet, excluding the US

blank

Published

on

blank

Telegram, with 800 million monthly users, is launching a self-custodial crypto wallet. The move will solidify its presence in the vibrant crypto community that has grown from its chat platform and may attract more people to crypto.

Telegram and TON Foundation announced TON Space, a self-custodial wallet, on Wednesday at Singapore’s Token2049 crypto conference, which draws over 10,000 attendees.

Telegram has a complicated blockchain relationship. After the SEC sued Telegram over a massive initial coin offering, the chat app abandoned its Telegram Open Network (TON) blockchain project in 2020. The Open Network Foundation (TON Foundation), founded by open-source developers and blockchain enthusiasts, supports the development of The Open Network (TON), the blockchain powering a growing number of Telegram applications, including the wallet.

The Open Platform (TOP) and TOP Labs, a venture-building division, created the TON-based wallet.

TON Space will be available to Telegram users worldwide without wallet registration in November. The U.S., which has cracked down on the crypto industry and promoted many crypto apps to geofence users, is currently excluded from the feature.

Continue Reading

Software

According to Microsoft, hackers stole its email signing key. Kind of

blank

Published

on

blank

China-backed hackers stole a digital skeleton key to access US government emails.

A China-backed hacking group stole one of Microsoft’s email keys, allowing near-unfettered access to U.S. government inboxes, due to a series of unfortunate and cascading mistakes. Microsoft revealed how the hackers pulled off the heist in a long-awaited blog post this week. Although one mystery was solved, several crucial details remain unknown.

In July, Microsoft disclosed that Storm-0558 hackers, which it believes are backed by China, “acquired” an email signing key used to secure Outlook.com accounts. The hackers broke into government officials’ Microsoft-hosted personal and enterprise email accounts using that digital skeleton key. The hack targeted unclassified emails of U.S. government officials and diplomats, including Commerce Secretary Gina Raimondo and Ambassador to China Nicholas Burns.

The hackers’ source of that consumer email signing key was unknown until this week, when Microsoft revealed the five issues that led to its leak.

Microsoft reported in its blog that a consumer key signing system crashed in April 2021. The crash created a system snapshot for analysis. This consumer key signing system is “highly isolated and restricted” from the internet to prevent cyberattacks. Microsoft was unaware that the system crash resulted in a snapshot image containing the consumer signing key #1, which they failed to detect in snapshot#2 .

The snapshot image was “subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network” to determine the system crash. Microsoft confirmed its standard debugging process, but credential scanning did not detect the key in snapshot image#3.

After the snapshot image was moved to Microsoft’s corporate network in April 2021, Microsoft said the Storm-0558 hackers were able to “successfully compromise” a Microsoft engineer’s corporate account, which had access to the snapshot image’s debugging environment, which contained the consumer signing key. Microsoft said “we don’t have logs with specific evidence of this exfiltration,” but this was the “most probable mechanism by which the actor acquired the key.”

Microsoft stated that its email systems were not properly validating the consumer signing key#4, allowing access to enterprise and corporate email accounts of various organizations and government departments. The company stated that its email system would accept a request for enterprise email using a security token signed with the consumer key#5.

Mystery solved? Not quite

Microsoft’s admission that the consumer signing key was likely stolen from its systems ends the speculation that it was obtained elsewhere.

How the intruders hacked Microsoft is unknown. Jeff Jones, senior director at Microsoft, told that “token-stealing malware” compromised the engineer’s account but declined to comment.

Phishing and malicious links can spread token-stealing malware that steals session tokens. Session tokens are small files that keep users logged in without having to re-enter a password or two-factor authentication. Thus, stolen session tokens can give an attacker full access without the user’s password or two-factor code.

Last year, a teenage hacking team called Lapsus$ used malware to steal Uber employee passwords and session tokens. CircleCi was compromised in January after its antivirus software missed token-stealing malware on an engineer’s laptop. After hackers broke into LastPass’s cloud storage via a compromised developer’s computer, customers’ password vaults were breached.

How the Microsoft engineer’s account was compromised could help network defenders prevent future incidents. The engineer’s work computer or a personal device Microsoft allowed on its network may have been compromised. The real culprits for the compromise are the network security policies that failed to block the (albeit highly skilled) intruder, so focusing on an engineer seems unfair.

Cybersecurity is difficult even for corporate mega-giants with nearly unlimited cash and resources. Even if they failed, Microsoft engineers considered a wide range of complex threats and cyberattacks when designing protections and defenses for the company’s most sensitive and critical systems. Storm-0558 hacked into Microsoft’s network by chance or knowing it would find the keys to its email kingdom. It’s a reminder that cybercriminals only need to succeed once.

No analogy fits this unique breach or circumstances. It’s possible to admire a bank’s vault security while acknowledging the robbers who stole the loot inside.

It will be some time before the full extent of the espionage campaign is known, and the remaining victims whose emails were accessed are unknown. The Cyber Security Review Board, a group of security experts that analyzes major cybersecurity incidents, will investigate the Microsoft email breach and other issues “relating to cloud-based identity and authentication infrastructure.”

 

Continue Reading

Trending